Tag: credit-card
-
Misconfigured Server Run by Hackers Leaks 345,000 Stolen Credit Cards
A misconfigured server linked to the carding marketplace Jerry’s Store exposed 345,000 stolen credit cards after an AI coding error caused a major security flaw. First seen on hackread.com Jump to article: hackread.com/misconfigured-server-hackers-leak-stolen-credit-cards/
-
The Facebook ID problem breaking your DLP alerts
Tags: ai, api, credit-card, data, detection, exploit, finance, governance, LLM, ml, PCI, risk, service, sql, technology, tool, zero-trustHow we reverse-engineered the structure of Facebook IDs to improve credit card classification. (This is blog 3 in our Classification Series. You can also read {children} and {children}) The concept behind data loss prevention (DLP) platforms is simple and powerful: Discover and classify sensitive data then apply policies to prevent that data from leaving the…
-
The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards
AI agents may soon be buying your stuff for you. The FIDO Alliance has teamed up with Google and Mastercard to try to ensure that shopping in the near future isn’t a complete disaster. First seen on wired.com Jump to article: www.wired.com/story/the-race-is-on-to-keep-ai-agents-from-running-wild-with-your-credit-cards/
-
The AI criminal mastermind is already hiring on gig platforms
Labor-hire platforms let anyone with a credit card post a task and pay a stranger to complete it. The RentAHuman platform extends that model to AI agents through a Model … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/27/ai-criminal-mastermind-gig-platforms/
-
Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
In cybercrime markets, trust isn’t assumed, it’s verified. Flare reveals how underground guides teach actors to evaluate carding shops based on data quality, reputation, and survivability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/inside-an-underground-guide-how-threat-actors-vet-stolen-credit-card-shops/
-
Attackers Deploy Hidden Magecart Skimmer on Magento Using SVG onload Abuse
Security researchers at Sansec uncovered a large-scale Magecart campaign targeting Magento e-commerce platforms. Nearly 100 online stores were infected with a sophisticated credit card skimmer. To evade security scanners and steal shopper payment data seamlessly, attackers concealed the malicious payload inside an invisible SVG image element. Threat intelligence suggests the attackers likely breached the sites…
-
Hackers use pixel-large SVG trick to hide credit card stealer
A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-use-pixel-large-svg-trick-to-hide-credit-card-stealer/
-
Planning a spring break trip? Don’t fall for these 7 travel scams
<div cla Spring break scams are out to ruin your vacation, but they don’t have to. With a little awareness and Avast Free Antivirus protecting your devices, you can hit the beach without handing criminals an opening. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/planning-a-spring-break-trip-dont-fall-for-these-7-travel-scams/
-
Apple rolls out age verification to UK iPhone users
The age filters will be turned on by default, meaning that all users, including adults, will have to prove their age via credit card and other payment methods on file or by submitting an ID to be scanned. First seen on therecord.media Jump to article: therecord.media/apple-rolls-out-age-verification-uk-iphone-users
-
Massive Telegram-Razzien
Check Point Software Technologies hat die millionenfache Löschung von verdächtigen Telegram-Kanälen beobachtet. Rund 20 Prozent der blockierten Kanäle standen laut Check-Point-Exposure-Management in Verbindung mit kriminellen Aktivitäten, die Unternehmen direkt betreffen, darunter illegaler Handel mit entwendeten Kreditkarten- und Logindaten. Telegram zuletzt stark unter Druck Nachdem die Plattform jahrelang eine eher lasche Moderationspolitik fuhr, geriet Telegram zuletzt…
-
Researchers: Meta, TikTok Steal Personal & Financial Info When Users Click Ads
Tracking pixels let social media companies spy on their users even after they click over to advertiser sites, gleaning credit card info, geolocations, and more, according to an analysis. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/meta-tiktok-steal-sensitive-pii
-
Meta, TikTok Steal Personal & Financial Info When Users Click Ads
Tracking pixels let social media companies spy on their users even after they click over to advertiser sites, gleaning credit card info, geolocations, and more. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/meta-tiktok-steal-sensitive-pii
-
Meta, TikTok Steal Users’ Sensitive PII When They Click on Ads
Tracking pixels let social media companies spy on their own customers when they click over to advertiser sites, gleaning credit card info, currency type, and more. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/meta-tiktok-steal-sensitive-pii
-
New Phishing Scam Uses LiveChat to Pose as Amazon and PayPal in Real Time
Cofense researchers warn of a phishing scam where attackers use LiveChat to impersonate Amazon and PayPal agents and steal credit card and MFA codes. First seen on hackread.com Jump to article: hackread.com/phishing-scam-livechat-pose-as-amazon-paypal/
-
LiveChat Abuse: How Phishers Are Exploiting SaaS Support Tools to Steal Sensitive Data
Tags: attack, credentials, credit-card, cybercrime, data, email, exploit, finance, mfa, phishing, saas, service, threat, toolThreat actors are abusing the LiveChat SaaS platform to impersonate brands like PayPal and Amazon in phishing campaigns designed to steal credentials, credit card details, MFA codes, and other sensitive data. Victims are lured through phishing emails and directed to LiveChat pages where attackers use chat interactions to request personal and financial information. The campaign…
-
Shadow AI vs Managed AI: What’s the Difference? FireTail Blog
Tags: access, ai, api, attack, breach, chatgpt, ciso, cloud, computer, control, credentials, credit-card, data, data-breach, framework, google, injection, intelligence, Internet, law, LLM, malicious, mitre, monitoring, network, password, phishing, phone, risk, software, switch, threat, tool, training, vulnerabilityMar 04, 2026 – – Quick Facts: Shadow AI vs. Managed AIShadow AI is a visibility gap: It refers to any AI tool used by employees that the IT department doesn’t know about. Most companies have 10x more AI tools in use than they realize.Managed AI is a “Paved Path”: It uses approved, secure versions…
-
Cybercriminals Exploit Fake Avast Website to Steal Users Credit Card Information
Cybercriminals have launched a convincing phishing operation by building a fake Avast website designed to steal credit card information from unsuspecting visitors. The fraudulent page mimics Avast’s official portal almost perfectly, complete with the genuine Avast logo pulled directly from the company’s content delivery network. It displays regular navigation links like “Home,” “My Account,” and…
-
Refund scam impersonates Avast to harvest credit card details
A convincing fake Avast site displays a Euro499.99 charge and promises a refund. Instead, it harvests your name, address, and full credit card details. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/refund-scam-impersonates-avast-to-harvest-credit-card-details/
-
Identity verification systems are struggling with synthetic fraud
Fake and expired IDs keep showing up in routine customer transactions, from alcohol purchases to credit card applications. The problem shows up most often in industries that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/23/analysis-identity-verification-fraud-report/
-
Side-Channel Attacks Against LLMs
Tags: access, attack, chatgpt, credit-card, data, defense, exploit, LLM, monitoring, network, open-source, openai, phone, side-channelHere are three papers describing different side-channel attacks against LLMs. “Remote Timing Attacks on Efficient Language Model Inference”: Abstract: Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive body of work (e.g., speculative sampling or parallel decoding) that improves the (average case)…
-
Poland arrests suspect linked to Phobos ransomware operation
Polish police have detained a 47-year-old man suspected of ties to the Phobos ransomware group and seized computers and mobile phones containing stolen credentials, credit card numbers, and server access data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/poland-arrests-suspect-linked-to-phobos-ransomware-operation/
-
New Sophisticated ‘Carding-as-a-Service’ Marketplaces Fuel Surge in Credit Card Fraud
Credit card fraud has matured into a service-based criminal economy where stolen cards, malware, and support are bundled and sold like commercial products. Underground “dump shops” such as Findsome, UltimateShop, and Brian’s Club now operate as full-fledged carding-as-a-service (CaaS) marketplaces, mirroring legitimate e”‘commerce platforms in usability, scale, and customer focus. At the core of this ecosystem is…
-
‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users
Tags: banking, breach, browser, chrome, control, credentials, credit-card, data, finance, google, infrastructure, malicious, marketplace, microsoft, office, password, phishingoutlook-one.vercel.app, hosted on the Vercel development platform, from which users download the software.”Microsoft reviews the manifest, signs it, and lists the add-in in their store. But the actual content the UI, the logic, everything the user interacts with is fetched live from the developer’s server every time the add-in opens,” said Koi Security’s researchers. By…
-
Microsoft Outlook Add-In Stolen 4000 Accounts and Credit Card Numbers
Tags: breach, credentials, credit-card, cyber, data-breach, flaw, login, malicious, microsoft, officeA dormant Microsoft Outlook add-in has been weaponized by attackers to steal thousands of login credentials and credit card numbers. The incident, identified by security researchers as the first known malicious Office add-in found in the wild, exposed a critical flaw in how Microsoft distributes third-party tools. The >>Zombie<< App In 2022, a developer published…
-
Microsoft Outlook Add-In Stolen 4000 Accounts and Credit Card Numbers
Tags: breach, credentials, credit-card, cyber, data-breach, flaw, login, malicious, microsoft, officeA dormant Microsoft Outlook add-in has been weaponized by attackers to steal thousands of login credentials and credit card numbers. The incident, identified by security researchers as the first known malicious Office add-in found in the wild, exposed a critical flaw in how Microsoft distributes third-party tools. The >>Zombie<< App In 2022, a developer published…
-
Microsoft Outlook Add-In Stolen 4000 Accounts and Credit Card Numbers
Tags: breach, credentials, credit-card, cyber, data-breach, flaw, login, malicious, microsoft, officeA dormant Microsoft Outlook add-in has been weaponized by attackers to steal thousands of login credentials and credit card numbers. The incident, identified by security researchers as the first known malicious Office add-in found in the wild, exposed a critical flaw in how Microsoft distributes third-party tools. The >>Zombie<< App In 2022, a developer published…
-
Microsoft Outlook Add-In Stolen 4000 Accounts and Credit Card Numbers
Tags: breach, credentials, credit-card, cyber, data-breach, flaw, login, malicious, microsoft, officeA dormant Microsoft Outlook add-in has been weaponized by attackers to steal thousands of login credentials and credit card numbers. The incident, identified by security researchers as the first known malicious Office add-in found in the wild, exposed a critical flaw in how Microsoft distributes third-party tools. The >>Zombie<< App In 2022, a developer published…
-
OpenClaw reveals meaty personal information after simple cracks
Skills marketplace is full of stuff – like API keys and credit card numbers – that crims will find tasty First seen on theregister.com Jump to article: www.theregister.com/2026/02/05/openclaw_skills_marketplace_leaky_security/
-
Cybersecurity Alert: Fake Traffic Ticket Portals Target Personal, Credit Card Data
A highly sophisticated phishing campaign that targets Canadian drivers by impersonating provincial traffic bureaus. This new wave of attacks utilizes >>SEO poisoning<>waiting room<< experience before harvesting their sensitive Personally Identifiable Information (PII) and credit card […] The post Cybersecurity Alert: Fake Traffic Ticket Portals Target Personal, Credit Card Data appeared first on GBHackers Security |…